AWS Certified Solutions Architect – Professional — Question 922
A large company is migrating its on-premises applications to the AWS Cloud. All the company's AWS accounts belong to an organization in AWS Organizations.
Each application is deployed into its own VPC in separate AWS accounts.
The company decides to start the migration process by migrating the front-end web services while keeping the databases on premises. The databases are configured with local domain names that are specific to the on-premises environment. The local domain names must be resolvable from the migrated web services.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Create a shared services VPC in a new AWS account. Deploy Amazon Route 53 outbound resolvers. For relevant on-premises domains, use the outbound resolver settings to create forwarding rules that point to the on-premises DNS servers. Share these rules with the other AWS accounts by using AWS Resource Access Manager.
- B. Deploy Multi-AZ Amazon Route 53 outbound resolvers in each VPC. Create forwarding rules that point to on-premises DNS servers in local outbound resolvers for each VPC.
- C. Create a shared services VPC in a new AWS account. Deploy Amazon EC2 instances that act as conditional forwarders inside the shared services VPC. Change the DHCP options set in each VPC to point to these forwarders as DNS servers. Create forwarding rules for relevant on-premises domains in these forwarders.
- D. Create a shared services VPC in a new AWS account. Deploy Amazon Route 53 inbound resolvers. For relevant on-premises domains, create forwarding rules that point to on-premises DNS servers. Share these rules with other AWS accounts by using AWS Resource Access Manager.
Correct answer: A
Explanation
Option A is correct because deploying Amazon Route 53 outbound resolvers in a centralized VPC and sharing the forwarding rules via AWS Resource Access Manager (RAM) provides a scalable, native solution with the lowest administrative overhead. Option B is incorrect because managing outbound resolvers in every individual VPC increases costs and management effort. Options C and D are incorrect because using EC2 instances as DNS forwarders introduces unnecessary maintenance, and inbound resolvers are designed for resolving AWS DNS queries from on-premises, not the other way around.
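The architecture in Option A, written out as a Terraform example (added here, not part of the original question or any AWS sample): an outbound Resolver endpoint in the shared services VPC, a FORWARD rule for the on-premises domain, the rule shared organization-wide through RAM, and the rule associated with an application VPC in a spoke account. All IDs, CIDRs, the domain corp.example and the organization ARN are assumed placeholders.

```hcl
# Hub account: the outbound endpoint lives in the shared services VPC (placeholders assumed).
resource "aws_route53_resolver_endpoint" "outbound" {
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver.id]
  ip_address { subnet_id = "subnet-PLACEHOLDER-AZ1" }
  ip_address { subnet_id = "subnet-PLACEHOLDER-AZ2" }
}
# Least privilege: the endpoint may only send DNS (UDP and TCP 53) to the assumed on-premises range.
resource "aws_security_group" "resolver" {
  vpc_id = "vpc-PLACEHOLDER-SHARED"
  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = ["10.0.0.0/8"]
  }
  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/8"]
  }
}
# Forwarding rule: queries for the on-premises domain are sent to the on-premises DNS server.
resource "aws_route53_resolver_rule" "onprem" {
  domain_name          = "corp.example"   # assumed on-premises domain
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  target_ip { ip = "10.1.0.53" }          # assumed on-premises DNS server
}
# Share the rule once through RAM; spoke accounts associate it instead of building their own resolvers.
resource "aws_ram_resource_share" "dns_rules" {
  name                      = "onprem-dns-forwarding-rules"
  allow_external_principals = false
}
resource "aws_ram_resource_association" "onprem_rule" {
  resource_arn       = aws_route53_resolver_rule.onprem.arn
  resource_share_arn = aws_ram_resource_share.dns_rules.arn
}
resource "aws_ram_principal_association" "org" {
  principal          = "arn:aws:organizations::123456789012:organization/o-PLACEHOLDER"
  resource_share_arn = aws_ram_resource_share.dns_rules.arn
}
# Spoke account (applied with that account's provider): attach the shared rule to the app VPC.
resource "aws_route53_resolver_rule_association" "app_vpc" {
  resolver_rule_id = "rslvr-rr-PLACEHOLDER"   # ID of the rule shared from the hub account
  vpc_id           = "vpc-PLACEHOLDER-APP"
}
```

Once the association exists, queries for corp.example from instances in the spoke VPC are forwarded by the VPC's default resolver through the hub endpoint, so no DHCP options or per-VPC endpoints are needed.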